ion san diego - dhcpv6 issues

• 1. 2011 Infoblox Inc. All Rights Reserved. Paul Ebersman, IPv6 Evangelist @paul_ipv6, pebersman@infoblox.com DHCPv6 Issues ISOC ION 11 Dec 2012 1

2. 2011 Infoblox Inc. All Rights Reserved. 2 Mac vs DUID 3. 2011 Infoblox Inc. All Rights Reserved. DUID vs MAC Mac address as ID is flawed: Not always unique Can be altered Multi-interface hosts confuse things But its what most of the eyeballs on the Internet are IDed by currently DUID (DHCP Unique Identifier) is the replacement in IPv6 3 4. 2011 Infoblox Inc. All Rights Reserved. 4 What DUIDs do right One DUID per DHCP server or client One Identity Association (IA) per network interface on a host A host can DHCP for all interfaces via DUID/ IA as unique key 5. 2011 Infoblox Inc. All Rights Reserved. 5 Where DUIDs dont work Anyone using mac address for identification or filtering Anyone trying to correlate IPv4 and IPv6 to the same machine/user Persistent storage of DUID may cause surprises 6. 2011 Infoblox Inc. All Rights Reserved. 6 RA vs DHCPv6 7. 2011 Infoblox Inc. All Rights Reserved. The addressing wars RAs RDNS (RFC 6106) support inconsistent Only prefixes, default route, RDNS Cant do complex configs/options DHCPv6 No default route Usually not on link local, more complex Requires RA to set O/M bits 7 8. 2011 Infoblox Inc. All Rights Reserved. 8 Unresolved 9. 2011 Infoblox Inc. All Rights Reserved. Still not standardized Prefix Delegation /etc/resolv.conf and multiple DHCP leases Multiple default routes OS implementations of RFC 6724 9 10. 2011 Infoblox Inc. All Rights Reserved. 10 Thank you!